PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5585 OpenText CVE debrief

CVE-2017-5585 is a high-severity remote authenticated injection issue in OpenText Documentum Content Server 7.3 when PostgreSQL is used and return_top_results_row_based is set to false. According to the NVD record, improper restriction of DQL hints can let an authenticated attacker perform DQL injection and execute arbitrary DML or DDL commands through a crafted request. The CVE description also notes this is an incomplete fix for CVE-2014-2520.

Vendor: OpenText
Product: CVE-2017-5585
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-22
Original CVE updated: 2026-05-13
Advisory published: 2017-02-22
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for OpenText Documentum Content Server 7.3, especially deployments using PostgreSQL with return_top_results_row_based disabled. Teams that allow authenticated users to submit or influence DQL-related requests should treat this as high priority.

Technical summary

NVD classifies the issue as CVSS 3.0 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) with CWE-74 (improper neutralization of special elements in output used by a downstream component). The affected condition is specific to Documentum Content Server 7.3 on PostgreSQL when return_top_results_row_based is false. In that configuration, DQL hints are not sufficiently constrained, so an authenticated user can inject into query handling and potentially issue arbitrary database modifications or schema changes via crafted requests.

Defensive priority

High. The issue is network-reachable, requires only low privileges, and can affect confidentiality, integrity, and availability. Prioritize this for environments that match the affected product, database, and configuration combination.

Recommended defensive actions

  • Confirm whether any OpenText Documentum Content Server 7.3 deployments use PostgreSQL with return_top_results_row_based set to false.
  • Treat authenticated DQL-capable interfaces as high-risk until remediation is in place and restrict access to the smallest possible user set.
  • Consult OpenText support or release notes for a fixed build, hotfix, or vendor remediation path and plan an upgrade or patch deployment.
  • Review application and database logs for unusual DQL activity, unexpected DML/DDL, or requests that manipulate query hints.
  • If immediate remediation is not possible, apply compensating controls such as tighter authorization, network segmentation, and limiting which users can submit DQL-bearing requests.
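Two of the actions above (confirming the affected configuration, and reviewing logs for DQL that carries SQL-style DDL or manipulated hint clauses) can be scripted. The following is an added triage example written for this debrief; it is not OpenText or PatchSiren code. It assumes an INI-style server configuration with a [SERVER_STARTUP] section holding database_type and return_top_results_row_based, a log line shape of "timestamp user=... dql=...", and an allowlist in which a well-formed hint token is a bare keyword optionally followed by a number; the sample config and log lines are constructed. Tune the allowlist to the hint forms your deployment actually uses before relying on it.

```python
"""Triage helpers for CVE-2017-5585 exposure: a config check and a DQL log scan.

Added example, not vendor code. Config layout, log line shape and the
hint-token allowlist are assumptions; sample data below is constructed.
"""
import configparser
import re
from dataclasses import dataclass, field

# --- 1. Configuration check ------------------------------------------------

# Constructed server.ini fragment matching the affected combination.
SAMPLE_SERVER_INI = """
[SERVER_STARTUP]
database_type = postgres
return_top_results_row_based = F
"""

OFF_VALUES = {"f", "false", "0", "no"}  # assumed spellings of a disabled flag


def config_status(ini_text: str) -> str:
    """Return 'exposed' for PostgreSQL with the flag off, 'not_exposed' when the
    backend or flag value rules the condition out, 'unknown' when either key is
    missing (verify by hand rather than assuming a default)."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    section = cp["SERVER_STARTUP"] if cp.has_section("SERVER_STARTUP") else cp["DEFAULT"]
    db = section.get("database_type", "").strip().lower()
    flag = section.get("return_top_results_row_based", "").strip().lower()
    if not db or not flag:
        return "unknown"
    if db.startswith("postgres") and flag in OFF_VALUES:
        return "exposed"
    return "not_exposed"


# --- 2. DQL log review ----------------------------------------------------

# Constructed log lines: a normal hinted query, a hint clause carrying a
# statement separator and SQL-style DDL, ordinary DQL DML (not suspicious),
# and a hint clause containing a quoted string.
SAMPLE_LOG = """\
2017-02-22T10:00:01Z user=alice dql=SELECT r_object_id FROM dm_document WHERE object_name='report' ENABLE (RETURN_TOP 10)
2017-02-22T10:00:02Z user=bob dql=SELECT r_object_id FROM dm_document ENABLE (RETURN_TOP 10; DROP TABLE example_tbl)
2017-02-22T10:00:03Z user=carol dql=UPDATE dm_document OBJECT SET title='x' WHERE r_object_id='0900000000000001'
2017-02-22T10:00:04Z user=dave dql=SELECT r_object_id FROM dm_document ENABLE (FORCE_ORDER, RETURN_TOP 'abc')
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+dql=(?P<dql>.*)$")
HINT_CLAUSE = re.compile(r"\bENABLE\s*\((.*)\)\s*$", re.I | re.S)
# Assumed allowlist: KEYWORD or KEYWORD <number>, comma separated.
HINT_TOKEN = re.compile(r"^[A-Z_]+(?:\s+\d+)?$")
# SQL-style DDL that DQL itself does not express (DQL uses CREATE/ALTER TYPE, OBJECT).
SQL_DDL = re.compile(r"\b(DROP|ALTER|TRUNCATE|CREATE)\s+(TABLE|INDEX|VIEW|SCHEMA|FUNCTION)\b", re.I)


@dataclass
class Finding:
    line_no: int
    user: str
    reasons: list = field(default_factory=list)


def hint_reasons(hint_body: str) -> list:
    """Explain why a hint clause body deviates from the assumed allowlist."""
    reasons = []
    if ";" in hint_body:
        reasons.append("statement separator inside hint clause")
    if "'" in hint_body or '"' in hint_body:
        reasons.append("quote inside hint clause")
    for tok in hint_body.split(","):
        if not HINT_TOKEN.match(tok.strip().upper()):
            reasons.append(f"unexpected hint token: {tok.strip()!r}")
    return reasons


def scan_dql_log(log_text: str) -> list:
    """Flag log lines whose DQL carries SQL-style DDL or a malformed hint clause."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # unrelated or differently shaped line
        dql = m.group("dql")
        reasons = []
        if SQL_DDL.search(dql):
            reasons.append("SQL-style DDL in DQL text")
        hm = HINT_CLAUSE.search(dql)
        if hm:
            reasons.extend(hint_reasons(hm.group(1)))
        if reasons:
            findings.append(Finding(n, m.group("user"), reasons))
    return findings


if __name__ == "__main__":
    print("config:", config_status(SAMPLE_SERVER_INI))
    for f in scan_dql_log(SAMPLE_LOG):
        print(f"line {f.line_no} user={f.user}: " + "; ".join(f.reasons))
```

Ordinary DQL DML such as the UPDATE ... OBJECT statement is deliberately not flagged, since that is normal Content Server traffic; the scan keys on SQL-level DDL and on hint clauses that fall outside the expected token shape, which is where this CVE's injection surface lies.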

Evidence notes

All core facts are taken from the supplied NVD-derived CVE record: affected product/version, PostgreSQL and return_top_results_row_based condition, authenticated DQL injection impact, and the note that this is an incomplete fix for CVE-2014-2520. The record also lists third-party references to Packet Storm and SecurityFocus, but the supplied corpus does not include a vendor bulletin or a fixed version.

Official resources

Publicly disclosed in the CVE record on 2017-02-22, with the NVD entry later modified on 2026-05-13. The supplied corpus does not include a separate vendor advisory date or remediation bulletin.